Unrated severityNVD Advisory· Published Aug 2, 2021· Updated Sep 16, 2024

QSAN Storage Manager - Reflected Cross-Site Scripting

CVE-2021-37216

Description

QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data.

Affected products

Qsan/Storage Manager Xn8008tv5
Range: unspecified
Qsan/Storage Manager Xn8024rv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.twcert.org.tw/tw/cp-132-4962-44cd2-1.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000